CVE-2014-8800
CVE-2014-8800 is a cross-site scripting (XSS) vulnerability in the Nextend Facebook Connect WordPress plugin prior to 1.5.1. The issue affects nextend-facebook-settings.php via the fb_login_button parameter in a newfb_update_options action, enabling remote injection of arbitrary HTML/script. Publ...